We were trying to set user roles from LDAP attributes. The attribute we wanted to use was only visible to self-authenticated users, so no proxy account would help in that case. The feature was not working.
After spending a day figuring out what was going wrong, we discovered that in ldapgroups.module, in _ldapgroups_detect_groups(), the code gets the user's DN and password from $_SESSION['ldap_login']. Here is the code I am talking about:
// First try to connect with the stored user's DN and password.
// If unsuccessful, connect with the BINDDN and BINDPW stored in the database for this config.
$dn = isset($_SESSION['ldap_login']['dn']) ? $_SESSION['ldap_login']['dn'] : '';
$pass = isset($_SESSION['ldap_login']['pass']) ? $_SESSION['ldap_login']['pass'] : '';
However, I don’t see any place where the $_SESSION['ldap_login'] values are set. It seems like the variables were filled in the Drupal 5 version of ldapauth.module, but not in Drupal 6.
Any help will be appreciated.
Thank you,
Inna

Comments

Inna Klimbovskaia’s picture

We managed to solve the problem by making a small change in ldapauth.module.
In ldapauth_login_validate we added the following code:
$_SESSION['ldap_login']['dn'] = $dn;
$_SESSION['ldap_login']['pass'] = $pass;

After that change, the variables became available in _ldapgroups_detect_groups() in ldapgroups.module.

It is still not clear why the code was not in the Drupal 6 implementation of ldapauth.module. Was it intentional? If so, should the code in ldapgroups be somehow fixed?
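
The bind order described in the code comment quoted in this issue (the user's own DN and password first, then BINDDN/BINDPW), as an added example that is not code from the ldap_integration modules. Every `example_*` name, the directory contents and the `roleAttr` attribute are constructed, and the bind is passed in as a callable so the block runs without an LDAP server. Because the session then holds the plaintext password, the example removes it once the lookup is done.

```php
<?php
// Added example: only the $_SESSION['ldap_login'] keys come from the page;
// all example_* names and the directory data below are constructed.

// Stand-in for "bind with these credentials, then read the user's entry".
// Returns the attributes that identity may see, or NULL if the bind fails.
function example_fake_bind(string $dn, string $pass): ?array {
  $directory = [
    // Self-authenticated user: the role attribute is visible.
    "uid=inna,ou=people,dc=example,dc=org\0user-secret" =>
      ['cn' => 'inna', 'roleAttr' => ['editor']],
    // Proxy account: the role attribute is hidden by the directory's ACL.
    "cn=proxy,dc=example,dc=org\0proxy-secret" =>
      ['cn' => 'inna'],
  ];
  return $directory["$dn\0$pass"] ?? NULL;
}

// Try the logged-in user's credentials from the session first, then fall
// back to the configured BINDDN/BINDPW.
function example_detect_roles(array &$session, array $config, callable $bind_and_read): array {
  $dn   = $session['ldap_login']['dn']   ?? '';
  $pass = $session['ldap_login']['pass'] ?? '';
  $entry = NULL;
  // Never bind with an empty password: many servers treat a DN plus empty
  // password as an unauthenticated bind that reports success.
  if ($dn !== '' && $pass !== '') {
    $entry = $bind_and_read($dn, $pass);
  }
  if ($entry === NULL) {
    $entry = $bind_and_read($config['binddn'], $config['bindpw']);
  }
  // Drop the plaintext password from session storage once it has been used.
  unset($session['ldap_login']['pass']);
  return $entry['roleAttr'] ?? [];
}

$config = ['binddn' => 'cn=proxy,dc=example,dc=org', 'bindpw' => 'proxy-secret'];

// Case 1: nothing populated the session, so only the proxy bind is tried.
$session = [];
var_dump(example_detect_roles($session, $config, 'example_fake_bind'));

// Case 2: the login step stored the DN and password in the session.
$session = ['ldap_login' => [
  'dn' => 'uid=inna,ou=people,dc=example,dc=org', 'pass' => 'user-secret']];
var_dump(example_detect_roles($session, $config, 'example_fake_bind'));
var_dump(isset($session['ldap_login']['pass']));
```
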

miglius’s picture

Status: Active » Postponed (maintainer needs more info)

Can you test the development version of the ldap_integration modules? Session variables are set in the ldapauth_authenticate() function.

johnbarclay’s picture

Status: Postponed (maintainer needs more info) » Closed (fixed)